/**
* Checks to see if the UNIX user ID is at the console.
* Should always fail on Windows (set the error to
* #DBUS_ERROR_NOT_SUPPORTED).
*
* @param uid UID of person to check
* @param error return location for errors
* @returns #TRUE if the UID is the same as the console user and there are no errors
*/
dbus_bool_t
_dbus_unix_user_is_at_console (dbus_uid_t uid,
DBusError *error)
{
return _dbus_is_console_user (uid, error);
}
/**
* Unit test for dbus-userdb.c.
*
* @returns #TRUE on success.
*/
dbus_bool_t
_dbus_userdb_test (const char *test_data_dir)
{
const DBusString *username;
const DBusString *homedir;
dbus_uid_t uid;
unsigned long *group_ids;
int n_group_ids, i;
DBusError error;
if (!_dbus_username_from_current_process (&username))
_dbus_assert_not_reached ("didn't get username");
if (!_dbus_homedir_from_current_process (&homedir))
_dbus_assert_not_reached ("didn't get homedir");
if (!_dbus_get_user_id (username, &uid))
_dbus_assert_not_reached ("didn't get uid");
if (!_dbus_groups_from_uid (uid, &group_ids, &n_group_ids))
_dbus_assert_not_reached ("didn't get groups");
printf (" Current user: %s homedir: %s gids:",
_dbus_string_get_const_data (username),
_dbus_string_get_const_data (homedir));
for (i=0; i<n_group_ids; i++)
printf(" %ld", group_ids[i]);
printf ("\n");
dbus_error_init (&error);
printf ("Is Console user: %i\n",
_dbus_is_console_user (uid, &error));
printf ("Invocation was OK: %s\n", error.message ? error.message : "yes");
dbus_error_free (&error);
printf ("Is Console user 4711: %i\n",
_dbus_is_console_user (4711, &error));
printf ("Invocation was OK: %s\n", error.message ? error.message : "yes");
dbus_error_free (&error);
dbus_free (group_ids);
return TRUE;
}
BusClientPolicy*
bus_policy_create_client_policy (BusPolicy *policy,
DBusConnection *connection,
DBusError *error)
{
BusClientPolicy *client;
dbus_uid_t uid;
dbus_bool_t at_console;
_dbus_assert (dbus_connection_get_is_authenticated (connection));
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
client = bus_client_policy_new ();
if (client == NULL)
goto nomem;
if (!add_list_to_client (&policy->default_rules,
client))
goto nomem;
/* we avoid the overhead of looking up user's groups
* if we don't have any group rules anyway
*/
if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
{
unsigned long *groups;
int n_groups;
int i;
if (!bus_connection_get_groups (connection, &groups, &n_groups, error))
goto failed;
i = 0;
while (i < n_groups)
{
DBusList **list;
list = _dbus_hash_table_lookup_ulong (policy->rules_by_gid,
groups[i]);
if (list != NULL)
{
if (!add_list_to_client (list, client))
{
dbus_free (groups);
goto nomem;
}
}
++i;
}
dbus_free (groups);
}
if (!dbus_connection_get_unix_user (connection, &uid))
{
dbus_set_error (error, DBUS_ERROR_FAILED,
"No user ID known for connection, cannot determine security policy\n");
goto failed;
}
if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0)
{
DBusList **list;
list = _dbus_hash_table_lookup_ulong (policy->rules_by_uid,
uid);
if (list != NULL)
{
if (!add_list_to_client (list, client))
goto nomem;
}
}
/* Add console rules */
at_console = _dbus_is_console_user (uid, error);
if (at_console)
{
if (!add_list_to_client (&policy->at_console_true_rules, client))
goto nomem;
}
else if (dbus_error_is_set (error) == TRUE)
{
goto failed;
}
else if (!add_list_to_client (&policy->at_console_false_rules, client))
{
goto nomem;
}
if (!add_list_to_client (&policy->mandatory_rules,
client))
goto nomem;
bus_client_policy_optimize (client);
return client;
nomem:
BUS_SET_OOM (error);
failed:
_DBUS_ASSERT_ERROR_IS_SET (error);
if (client)
bus_client_policy_unref (client);
return NULL;
}
